]> git.aero2k.de Git - tmp/jakarta-migration.git/blob
projects / tmp / jakarta-migration.git / blob
? search:


2e3e8cb3d568e88506622c6594586d0945b1a461
[tmp/jakarta-migration.git] /
1 /**
2  *  This document is a part of the source code and related artifacts
3  *  for CollectionSpace, an open source collections management system
4  *  for museums and related institutions:
5
6  *  http://www.collectionspace.org
7  *  http://wiki.collectionspace.org
8
9  *  Copyright 2009 University of California at Berkeley
10
11  *  Licensed under the Educational Community License (ECL), Version 2.0.
12  *  You may not use this file except in compliance with this License.
13
14  *  You may obtain a copy of the ECL 2.0 License at
15
16  *  https://source.collectionspace.org/collection-space/LICENSE.txt
17
18  *  Unless required by applicable law or agreed to in writing, software
19  *  distributed under the License is distributed on an "AS IS" BASIS,
20  *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
21  *  See the License for the specific language governing permissions and
22  *  limitations under the License.
23  */
24 package org.collectionspace.services.authorization.driver;
25
26 import java.io.File;
27 import java.util.ArrayList;
28 import java.util.HashSet;
29 import java.util.List;
30 import org.collectionspace.services.authorization.AuthZ;
31 import org.collectionspace.services.authorization.Permission;
32 import org.collectionspace.services.authorization.PermissionRole;
33 import org.collectionspace.services.authorization.PermissionRoleRel;
34 import org.collectionspace.services.authorization.Role;
35 import org.collectionspace.services.authorization.SubjectType;
36 import org.collectionspace.services.authorization.importer.AuthorizationGen;
37 import org.collectionspace.services.authorization.importer.AuthorizationSeed;
38 import org.collectionspace.services.authorization.importer.AuthorizationStore;
39 import org.collectionspace.services.authorization.storage.PermissionRoleUtil;
40 import org.slf4j.Logger;
41 import org.slf4j.LoggerFactory;
42 import org.springframework.context.support.ClassPathXmlApplicationContext;
43 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
44 import org.springframework.security.core.Authentication;
45 import org.springframework.security.core.GrantedAuthority;
46 import org.springframework.security.core.authority.GrantedAuthorityImpl;
47 import org.springframework.security.core.context.SecurityContextHolder;
48 import org.springframework.transaction.TransactionDefinition;
49 import org.springframework.transaction.TransactionStatus;
50 import org.springframework.transaction.support.DefaultTransactionDefinition;
51
52 /**
53  * A driver for seeding authorization
54  * @author 
55  */
56 public class AuthorizationSeedDriver {
57
58     final Logger logger = LoggerFactory.getLogger(AuthorizationSeedDriver.class);
59     final static private String SPRING_SECURITY_METADATA = "applicationContext-authorization-test.xml";
60     final static private String ROLE_FILE = "import-roles.xml";
61     final static private String PERMISSION_FILE = "import-permissions.xml";
62     final static private String PERMISSION_ROLE_FILE = "import-permissions-roles.xml";
63     private String user;
64     private String password;
65     private String tenantBindingFile;
66     private String exportDir;
67     private AuthorizationGen authzGen;
68     private org.springframework.jdbc.datasource.DataSourceTransactionManager txManager;
69
70     /**
71      * AuthorizationSeedDriver
72      * @param user to use to establish security context. should be in ROLE_ADMINISTRATOR
73      * @param password
74      * @param tenantBindingFile
75      * @param importDir dir to import permisison/permission role file from. same as
76      * export dir by default
77      * @param exportDir dir to export permission/permission role file to
78      */
79     public AuthorizationSeedDriver(String user, String password,
80             String tenantBindingFile,
81             String exportDir) {
82         if (user == null || user.isEmpty()) {
83             throw new IllegalArgumentException("username required.");
84         }
85         this.user = user;
86
87         if (password == null || password.isEmpty()) {
88             throw new IllegalArgumentException("password required.");
89         }
90         this.password = password;
91         
92         if (tenantBindingFile == null || tenantBindingFile.isEmpty()) {
93             throw new IllegalArgumentException("tenantbinding file are required.");
94         }
95         this.tenantBindingFile = tenantBindingFile;
96         if (exportDir == null || exportDir.isEmpty()) {
97             throw new IllegalArgumentException("exportdir required.");
98         }
99         this.exportDir = exportDir;
100
101     }
102
103     public void generate() {
104         try {
105             authzGen = new AuthorizationGen();
106             authzGen.initialize(tenantBindingFile);
107             authzGen.createDefaultRoles();
108             authzGen.createDefaultPermissions();
109             authzGen.associateDefaultPermissionsRoles();
110             authzGen.exportDefaultRoles(exportDir + File.separator + ROLE_FILE);
111             authzGen.exportDefaultPermissions(exportDir + File.separator + PERMISSION_FILE);
112             authzGen.exportDefaultPermissionRoles(exportDir + File.separator + PERMISSION_ROLE_FILE);
113             if (logger.isDebugEnabled()) {
114                 logger.debug("authorization generation completed ");
115             }
116         } catch (Exception ex) {
117             if (logger.isDebugEnabled()) {
118                 ex.printStackTrace();
119             }
120             throw new RuntimeException(ex);
121         }
122     }
123
124     public void seed() {
125         TransactionStatus status = null;
126         try {
127                 // Push all the authz info into the cspace DB tables.
128             store();
129
130             setupSpring();
131             status = beginTransaction("seedData");
132             AuthorizationSeed authzSeed = new AuthorizationSeed();
133             authzSeed.seedPermissions(exportDir + File.separator + PERMISSION_FILE,
134                     exportDir + File.separator + PERMISSION_ROLE_FILE);
135             if (logger.isDebugEnabled()) {
136                 logger.debug("authorization seeding completed ");
137             }
138         } catch (Exception ex) {
139             if (status != null) {
140                 rollbackTransaction(status);
141             }
142             if (logger.isDebugEnabled()) {
143                 ex.printStackTrace();
144             }
145             throw new RuntimeException(ex);
146         } finally {
147             if (status != null) {
148                 commitTransaction(status);
149             }
150             logout();
151         }
152     }
153
154     private void setupSpring() {
155
156         ClassPathXmlApplicationContext appContext = new ClassPathXmlApplicationContext(
157                 new String[]{SPRING_SECURITY_METADATA});
158         login();
159         System.setProperty("spring-beans-config", SPRING_SECURITY_METADATA);
160         AuthZ authZ = AuthZ.get();
161         txManager = (org.springframework.jdbc.datasource.DataSourceTransactionManager) appContext.getBean("transactionManager");
162         if (logger.isDebugEnabled()) {
163             logger.debug("spring setup complete");
164         }
165     }
166
167     private void login() {
168         //GrantedAuthority cspace_admin = new GrantedAuthorityImpl("ROLE_ADMINISTRATOR");
169         GrantedAuthority spring_security_admin = new GrantedAuthorityImpl("ROLE_SPRING_ADMIN");
170         HashSet<GrantedAuthority> gauths = new HashSet<GrantedAuthority>();
171         //gauths.add(cspace_admin);
172         gauths.add(spring_security_admin);
173         Authentication authRequest = new UsernamePasswordAuthenticationToken(user, password, gauths);
174         SecurityContextHolder.getContext().setAuthentication(authRequest);
175         if (logger.isDebugEnabled()) {
176             logger.debug("login successful for user=" + user);
177         }
178     }
179
180     private void logout() {
181         SecurityContextHolder.getContext().setAuthentication(null);
182         if (logger.isDebugEnabled()) {
183             logger.debug("logged out user=" + user);
184         }
185     }
186
187     private void store() throws Exception {
188         AuthorizationStore authzStore = new AuthorizationStore();
189         for (Role role : authzGen.getDefaultRoles()) {
190             authzStore.store(role);
191         }
192
193         for (Permission perm : authzGen.getDefaultPermissions()) {
194             authzStore.store(perm);
195         }
196
197         List<PermissionRoleRel> permRoleRels = new ArrayList<PermissionRoleRel>();
198         for (PermissionRole pr : authzGen.getDefaultPermissionRoles()) {
199             PermissionRoleUtil.buildPermissionRoleRel(pr, SubjectType.ROLE, permRoleRels, false /*not for delete*/);
200         }
201         for (PermissionRoleRel permRoleRel : permRoleRels) {
202             authzStore.store(permRoleRel);
203         }
204
205         if (logger.isDebugEnabled()) {
206             logger.debug("authroization storage completed ");
207         }
208
209     }
210
211     private TransactionStatus beginTransaction(String name) {
212         DefaultTransactionDefinition def = new DefaultTransactionDefinition();
213         // explicitly setting the transaction name is something that can only be done programmatically
214         def.setName(name);
215         def.setPropagationBehavior(TransactionDefinition.PROPAGATION_REQUIRED);
216         return txManager.getTransaction(def);
217     }
218
219     private void rollbackTransaction(TransactionStatus status) {
220         txManager.rollback(status);
221     }
222
223     private void commitTransaction(TransactionStatus status) {
224         txManager.commit(status);
225     }
226 }